Data thieves break into a small-town doctor’s system. They use advanced hacking methods not only to gain access to the healthcare information inside it but also to make that data completely inaccessible to the provider. They steal the protected health information of the physician’s patients, encrypt it, and post an electronic ransom note demanding that the doctor pay up to get the data back.
Gripping, right? It sounds like the plot of an action movie. I’d watch that.
But if the above scenario were to play out in movie form, the first words on big screens in theaters would be ‘Based on a True Story,’ because the tale of ‘Electronic Medical Records for Ransom’ actually took place earlier this year.
What healthcare provider was victimized by these bold digital attackers? A small medical practice in affluent, suburban Libertyville, Illinois called The Surgeons of Lake County.
Health data breaches happen often, in small practices as well as in large healthcare organizations and hospitals. But it’s usually only the big ‘hack attacks’ that make the news rounds, due to the huge numbers of patients affected (and the federal requirement that providers publicly report all breaches affecting more than 500 people).
Thus it’s only the sheer audacity of the data thieves in Illinois that makes this story noteworthy. Many providers across the U.S. employ inadequate security measures, which means breaches of small-provider PHI are more frequent than the news coverage suggests.
For decades, the lack of technology in medical practices was what made them such an easy target for data thieves. Walking out of a doctor’s office with a patient’s private data was as easy as tucking a manila-folder chart into your briefcase.
Nowadays, though, it’s insecure technology, coupled with its poor utilization, that allows data breaches to happen. The thieves in Illinois managed to extract the PHI from the physicians’ insecure, poorly protected system – described in media reports as a server within the computer network – and encrypt the data.
The truth is, encryption should have happened on the opposite end. The Surgeons of Lake County took inadequate security measures, which ultimately left them vulnerable to attack – possibly because of the scant protections of an archaic client-server software system.
When it comes to security, the cloud can be the answer. CareCloud secures data with 256-bit SSL file encryption – twice the level mandated by the government. That’s double protection from unauthorized retrieval, which makes patient data hard to steal and even harder to hold out for ransom. None of the providers on CareCloud’s network, which spans over 30 U.S. states, has had their data compromised.
Healthcare data security should be simple. Doctors should take the smartest protection measures available to them to keep their patients’ data safe. Dramatic events involving stolen records, hacked servers, and ransom notes shouldn’t happen.
At CareCloud, security doesn’t sound like a movie plot. For us, security is a snoozer, and we like it that way.
